High severity8.8NVD Advisory· Published Jan 22, 2024· Updated Jun 17, 2026
CVE-2024-23768
CVE-2024-23768
Description
Dremio before 24.3.1 allows path traversal. An authenticated user who has no privileges on certain folders (and the files and datasets in these folders) can access these folders, files, and datasets. To be successful, the user must have access to the source and at least one folder in the source. Affected versions are: 24.0.0 through 24.3.0, 23.0.0 through 23.2.3, and 22.0.0 through 22.2.2. Fixed versions are: 24.3.1 and later, 23.2.4 and later, and 22.2.3 and later.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- Dremio/Dremiodescription
Patches
Vulnerability mechanics
References
1- docs.dremio.com/current/reference/bulletins/2024-01-12-01nvdVendor Advisory
News mentions
0No linked articles in our index yet.